CVE-2001-1211
Published Dec 31, 2001
Last updated 16 years ago
Overview
- Description
- Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EAEA8FB7-3D42-4A39-BCCD-2DE3BC3EAC19"
},
{
"criteria": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12658962-53E6-49EB-83EF-04A1B5D693B3"
},
{
"criteria": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DA61FCA-BA3C-4014-9C4B-4D4ED65AB07A"
},
{
"criteria": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0BC7230-2A64-43CE-B041-22F2E4A559A9"
},
{
"criteria": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5700938-EE34-4A16-BE98-74EAA4A48249"
},
{
"criteria": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCF543E9-F893-4086-BD97-ECB43EEF26BC"
},
{
"criteria": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3818F47-0A00-4984-857D-DBF87DDB71B4"
},
{
"criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D"
}
],
"operator": "OR"
}
]
}
]